CVE-2016-0335

Опубликовано: 12 янв. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21981438
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/111736
VDB Entry
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21981438
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/111736
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:security_identity_manager:7.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_identity_manager:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_identity_manager:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_identity_manager:7.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_identity_manager:7.0.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00076

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-m595-3vgf-8pqg